A METHOD AND A DEVICE FOR ENCRYPTION OF IMAGES



(57) Abstract

In a method and a device for partial encryption and progressive
transmission of images, a first section of the image file is
compressed at reduced quality without decryption, and a second
section of the image file is encrypted. Users having access to
appropriate decryption keywords can decrypt this second section.
The first section together with the decrypted second section can
then be viewed as a full quality image. The storage space required
for storing the first and second section together is essentially
the same as the storage space required for storing the unencrypted
full quality image. By using the method and device as described
herein storage and bandwidth requirements for partially encrypted
images is reduced. Furthermore, object based composition and
processing of encrypted objects are facilitated, and ROIs can be en-

A METHOD AND A DEVICE FOR ENCRYPTION OF IMAGES
TECHNICAL FIELD 

The present invention relates to a method and a device for 
encrypting images.

BACKGROUND OF THE INVENTION AND PRIOR ART 

Encryption of digital data is a technical field which becomes
important when transmitting and storing secret information or
information which only shall be available to a user paying for
the information. Thus, several methods for encrypting digital
data are in frequent use. Such methods can also be applied
to digital image data. Examples of encryption methods are DES,
triple DES and the public-key RSA method.

Digital images can be stored on servers and distributed over a
communication network as digital image data. Images can also
be distributed using a physical storage medium such as a CD ROM.
Service providers need to establish ^"V^^TU 
their business model. In this context it might be suit 

-nrr-^ ~ - b e 

r^r l :r r « an us-* « ***** — 

to all image data. 

v,*. offered for sale on the Internet. 
N ews photographs can eaMmru to download a 

The service provider wants to all evalua tion. 
version of the image with reduced quality ~ ^ 

journals that want to publish an image, pay for the 
areThen allowed to download a full quality .mage. 

v, service provider wants to minimize storage space 
However, such a service provi alternatively 

-, ^ rafes An image provider mignt culu 

and download bit rates. An im g y CD . RO Ms are given 

want to distribute images on e.g. a ^ & 

away or sold for a low price. » ^ full 

r educed quality, but they must pay fo ™ 9 use ^ storage 
ouality. in the case the image provider want s t 
space on the CD-ROM as efficiently as possible.

It is also essential that customers always can access images
using user friendly, standardised software. Image providers are
reluctant to design and support special image viewers and
customers don't want a proliferation of viewing tools.

Presently, image providers have to store two versions of the
images stored. The full quality version is stored as an
encrypted image file. This means that the image first is
compressed and stored in a compressed file format such as JPEG
or GIF. The compressed file is then encrypted using a suitable
encryption tool and an encrypted image file is stored. The user
must first decrypt this file and then access the resulting
compressed image file using an image viewing tool. Reduced
quality images are produced by processing the full quality
images in an image editing program. They are stored as separate
compressed image files.

The problems with this solution are that at least two
versions of the same image need to be stored, and that both
versions must also be transmitted over the network in case of
remote access in the case a customer first wants to see the free
low resolution image before paying for the full resolution
version.

This results in a significant disadvantage if the reduced
This res traction of the image 

version image contain^ a ^ ^ co journals would 

information. Images that are °« ere quality 
in particular he provided for f -""^^^Ltanding of 

— *'~\-i t £ repts r y - ht -t quality for 
prtntlT - TLZ ^ could retire 10-S0, of the 

storage space of the full quality image. 

trff ication Model -^J^ ^llTmage coding 
£u nctioualities in comparison « £or creating a 

techniques. They include, in application domain 

wide range of progressive image formats.

can select a suitable progression mode. Individual objects
within images can be accessed separately in the JPEG 2000
bitstream and progressive transmission can be applied also to
objects. In JPEG 2000 there is also support for independently
decodable coding units.

SUMMARY 

It is an object of the present invention to overcome the
problems as outlined above and in particular to reduce the
amount of memory required for storing an image, which partially
shall be possible to view, and also to reduce transmission time
in a transmission scheme transmitting partially encrypted
images.

This object and others are obtained by a technique for partial
encryption and progressive transmission of images where a first
section of the image file can be decompressed at reduced quality
without decryption, i.e. the first low quality image is not
encrypted, and where a second section of the image file is
encrypted.

Ihu , _ « ~ - [:: —rubers z 

Z7- The storage space reguired ror ™ 9 ^ ^ « 
se ction together is essentially ^ . The 

requi d ~ £ — cf r,Te^L the 

TctTon eclated to the encrypted second section. 

oan also be partitioned into multiple sections where 
i3T^. encrypted with an J^E. 
method and Keyword «. £^^-^-^--2- 
M ^rtan, -^J^ images consis t of a set o £ 
herein is that the comp es it 

independently decodable coding nnits JOT . T ^ 
possible to perform encryption operation in 
domain without performing entropy decoding.

A reduced quality image can be produced according to several
different main schemes, such as:

1) Reduced resolution

2) Reduced accuracy of the transform coefficients.

3) Exclusion of predefined regions of interest (ROI)

These methods can be combined so that a reduced quality image is
e.g. produced by reducing both the resolution and the accuracy
of the transform coefficients.

By using the method and device for storing and transmitting
image data as described herein, several advantages are obtained.
Thus, there is no need to store two different versions of an
image if different users are to have access to different quality
of the one and same image. Also, transmission times become much
lower if the information content of the first, low resolution
image data can be reused when transmitting the higher resolution
image data.

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will now be described in […]
with reference to the accompanying drawings, in which:

- Fig. 1 is a general view of the file structure of an image.

- Figs. 2a and 2b shows encryption of images coded according to
the JPEG 2000 standard.

- Fig. 3 is a flow chart illustrating some steps carried out
when encrypting an image.

- Fig. 4 is a diagram illustrating a client server process.

- Fig. 5 is a view of an encryption header.

DETAILED DESCRIPTION

In Fig. 1, the file structure of an original, high resolution,
image is shown. Thus, the image data file consists of a number of
independently decodable coding sections 101, 103 and 105. In the
structure shown in Fig. 1, the section 101, which is a low
resolution version of a high resolution image, is coded without
encryption and will therefore be possible to decode by any
receiver.

The section 103, which comprises data, which combined with the
data of section 101, result in a medium resolution version of
the high resolution image, is encrypted using a first encryption
method, and only receivers having access to the correct
encryption key will be able to decode the data stored in the
section 103.

The section 105, which comprises data, which combined with the 
data of section 101 and 103 results in a full resolution version 
of the high resolution image, is encrypted using a second 
encryption method, and only receivers having access to the 
encryption key will be able to decode the data stored in the
section 105. 

Thus, decoding of the section 101 will result in a low
resolution image version 107. Decryption 109 and decoding of the
section 103 will, combined with the image data from the section
101, result in a medium resolution image 111. Decryption 113 and
decoding of the section 105 will, combined with the image data
from sections 101 and 103, result in a full resolution image
115.

Furthermore, implementation in the JPEG 2000 standard without
ROI, see Charilaos Christopoulos (ed.) JPEG 2000 Verification
Model Version 2.0, describes how each coding unit of the JPEG
2000 bitstream can be inserted in the bitstream so that a wide
range of progressive modes can be supported.

o o a coding unit is a part of 
a JPEG 2000 verification model 2 0, a codig 

the bitstream that encodes a specif i ^f^Ld as any 
subband. in general, a coding unit can be ^<*£> ^ 
independently decodable subset of ^^7* to include so 
onanism for specifying the bitstream order xs to 
Tailed tags that specifies the next cc^g uni Ut is ^ 
sufficient to specify the subband che header tha t 

Known, . several specific modes can bics that 

defines a default coding unit order thus saving 
are needed for inserting explicit tags.

In Figs. 2a and 2b block diagrams describing how encryption can
be implemented in the JPEG 2000 encoder and decoder
respectively, are shown.

Thus, in Fig. 2a a block diagram where encryption is performed
after entropy coding in the encoder is shown. Coding units enter
an entropy coding block 201. In the block 201 the coding
units are entropy coded using some suitable entropy code. The
output from the block 201 is fed to a selector which selects a
suitable encryption method for each entropy coded coding unit.
Some coding units can be selected to not be encrypted at all.

In response to the selection made in the selector 203 the
entropy coded coding units are encrypted in a block 205. The
encrypted coding units together with the not encrypted coding
units then form a combined output data stream, which can be
stored or transmitted.

In Fig. 2b a decoder for decoding the bit stream generated by
the encoder in Fig. 2a is shown. Thus, first encrypted and not
encrypted coding units enter the decoder via a selector 251,
which selects a suitable decryption method for each entropy
coded coding unit, or if the received coding unit is not
encrypted it is directly transmitted to a block 255.

In response to the selection made in the selector 255 the
entropy coded coding units are decrypted in a block 253 using a
suitable decryption algorithm. The decrypted coding units are
then fed to the block 255. In the block 255 the coding units
fed directly from the selector 251 and from the block 253 are
entropy decoded. The output data stream corresponds to the data
stream which is fed to the entropy coding block 201 in Fig. 2a.

• ■->,» transmission scheme as shown in the 
E ach coding «n« » Ch * ™^ indepenn ently encrypted block. 
Fig s. 2a and 2b is '"^^J^J sep arately with any user 
Bach coding unit can also be encryp ^ ^ ^ 

rrenc^nr^errnt encryption methods. T he 
encryption method used can further be an encryption algorithm
combined with a keyword or a method for generating keywords.

Different encryption methods can in such an embodiment have
identical algorithms but different keywords. Encryption Method
Description as shown in Figs. 2a and 2b is any global data
such as session keywords or algorithm identifiers
to specify the Encryption Method. Unit Encryption State (UES) is
a symbol that for each coding unit defines how it is encrypted.

In Fig. 3, a flow chart illustrating different steps carried out
when encrypting an image are shown. First, in a step 301 an
image to be partially encrypted is received. The image received
in step 301 is then coded using a coding algorithm generating
independently decodable coding units, e.g. JPEG 2000, in a step
303.



„.vc in a step 305. some of the coding units of the image coded 
~ encrypted using some suitable encryption method, 
Zl Z OES. ,he coding units that are chosen to £ 

, a ^ ^ accordance with user preferences. Thus, 
can be set in accord hiqher order 

, n have co ding units corresponding to ROls, mgne 
chose to have coding encrypted coding units 

bi t-planes, etc, encrypted. Fxnally, into a 

and the coding units which are not encrypted are merg 
single bit stream. 

In Fig . , a ficw --^^^rrsr- 

wh en transmitting a* image encoded ^ _ 

oescribed in ---tion^ith E g. ,„ _ then issue 

a^asHo^ the IS- *03 for a particular image, step 



405. 



403 replies by transmitting the coding units of the 
The server 403 replies uy encrypted 
iaage which are not encrypted, step ^ ^ 

coding units can be decoded by the U ^ ^ 

access to a low resolution version or a par ^ ^ 

Based on this information the ^ ™ ™* ^ . I£ S o the 
th e image in a higher resolution or the 
client transmits a request to the server requesting such
information, step 409. 

The server replies by sending a request to the client requesting 
the client to agree to the conditions for transmitting the 
higher resolution version of the image, step 411. If the client 
agrees via a message 413, e.g. comprising a card number or 
account number from which to bill the cost for the image, the 
server sends the encrypted coding units together with a key word 
by means of which the encrypted coding units can be decrypted, 
step 415. A secure method for key distribution should be used. 
Examples of such secure methods are described in W. Stallings
"Data and Computer Communications", p. 635-637, Prentice-Hall
1997, fifth edition, ISBN 0-13-571274-2.

If the client already has access to the unencrypted and
encrypted coding units, for example if he has purchased a CD-ROM
with images coded as described herein, the scheme as described
in conjunction can be modified so that no image data is
transmitted. Instead the client only agrees to conditions set by
the server in order to have access to the key word(s) which are
required to decrypt the encrypted coding units of the CD-ROM.

In the case when the method and device as described herein is
used when encoding image according to the JPEG 2000 […]
is advantageous if the JPEG 2000 standard does not […]
encryption methods. An Encryption Header that is included in the
[…] header or optionally an Encryption Tag that is merged with
the JPEG 2000 Tags can instead be used to specify how coding
units are decrypted.

In such an embodiment the JPEG 2000 image header contains an
Encryption Flag (EF). EF is then set if any coding unit is
encrypted. An Encryption Header should then be appended to
the JPEG 2000 image header and encryption information can
optionally be merged into JPEG 2000 Tags.

In Fig. 5 an encryption header is shown. The Encryption Header
can in such an embodiment contain the following symbols.

1) Encryption Mode (EM). A set of standard encryption modes are
defined e.g.

a) One encryption method is used for all coding units

b) Bitplanes of less significance than bitplane X are encrypted

c) Subbands of higher resolution than Y are encrypted

d) ROIs specified in are encrypted, etc.

No encryption information need to be included in the Tags if an EM
is defined.

2) Encryption Mode Parameters (EMP). Parameters (X, Y, ...) that
are used to define the Encryption Mode are set here. 

3) Number of encryption methods used. Several encryption methods 
can be used within the same image if e.g. different user groups 
should be allowed to see different image content. 

4) One Encryption Method Descriptor (EMD) for each encryption
method. The EMD defines any data that is needed by the
encryption/decryption module. The type of encryption algorithm
is defined. A typical use of EMD will be to include a keyword
that is encrypted by a public key algorithm. The user supplies a
private key for decrypting the enclosed encrypted key. The
decrypted key is used by a fast decryption algorithm to decrypt
the coding units. The order of the EMDs allocates a number to
each encryption method. This number is used in UES symbols.

5) The bitstream must for each coding unit specify if it is
encrypted and if so by what method. This is done by setting one
Unit Encryption State (UES) symbol per coding unit. These
symbols could either be collected in the encryption header or
alternatively be distributed in the bitstream as encryption
tags. If the UES information is kept in the encryption header
define a header element - Encryption State (ES). ES consists of
a series of UES symbols that are listed in the same order as the
coding units appear in the bit stream.

If EF is set and the Encryption State is not given in the
header, JPEG 2000 Tags can be expanded to contain Unit
Encryption State (UES) symbols. UES defines which encryption
method, if any, that is used for encrypting the next coding
unit.
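The header and Unit Encryption State mechanism described above, as an added illustration (example code, not taken from the patent). Assumptions: coding units are opaque byte strings, the byte layout of the header is constructed for the example, and an HMAC-SHA256 keystream stands in for the encryption algorithm.

```python
import hashlib
import hmac
import struct

UES_CLEAR = 0  # UES symbol 0: unit not encrypted; n >= 1: encryption method n


def keystream_xor(key: bytes, unit_index: int, data: bytes) -> bytes:
    """Length-preserving stand-in cipher: HMAC-SHA256 in counter mode.

    Assumption: replaces the DES-style cipher the text mentions. The unit
    index is part of the counter so no two units share a keystream.
    """
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, struct.pack(">II", unit_index, block),
                       hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[start:start + 32], pad))
    return bytes(out)


def encrypt_image(units, ues, keys):
    """Merge clear and encrypted coding units into one combined bitstream.

    Constructed layout: EF byte, unit count, the Encryption State (one UES
    byte plus a 4-byte length per unit, in bitstream order), then the units.
    """
    if len(units) != len(ues):
        raise ValueError("one UES symbol is required per coding unit")
    body = [u if s == UES_CLEAR else keystream_xor(keys[s], i, u)
            for i, (u, s) in enumerate(zip(units, ues))]
    ef = int(any(s != UES_CLEAR for s in ues))  # Encryption Flag
    header = struct.pack(">BH", ef, len(units))
    header += b"".join(struct.pack(">BI", s, len(b)) for s, b in zip(ues, body))
    return header + b"".join(body)


def decode_image(stream, keys):
    """Return every coding unit this receiver can read; None for the rest."""
    _ef, count = struct.unpack_from(">BH", stream, 0)
    states = [struct.unpack_from(">BI", stream, 3 + 5 * i) for i in range(count)]
    offset, units = 3 + 5 * count, []
    for i, (s, length) in enumerate(states):
        chunk = stream[offset:offset + length]
        if len(chunk) != length:
            raise ValueError("truncated bitstream")
        offset += length
        if s == UES_CLEAR:
            units.append(chunk)
        elif s in keys:
            units.append(keystream_xor(keys[s], i, chunk))
        else:
            units.append(None)  # encrypted with a method we hold no key for
    return units


# Constructed sample: three units standing in for sections 101, 103 and 105.
SAMPLE_UNITS = [b"low-res unit " * 3, b"medium-res detail " * 5,
                b"full-res detail " * 9]
SAMPLE_UES = [UES_CLEAR, 1, 2]
SAMPLE_KEYS = {1: b"constructed-key-medium", 2: b"constructed-key-full"}

if __name__ == "__main__":
    stream = encrypt_image(SAMPLE_UNITS, SAMPLE_UES, SAMPLE_KEYS)
    for held in ({}, {1: SAMPLE_KEYS[1]}, SAMPLE_KEYS):
        readable = [u is not None for u in decode_image(stream, held)]
        print(sorted(held), readable, len(stream))
```

The header in this sketch carries no integrity check, so a changed UES symbol or a wrong key yields unusable unit data rather than an error.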



The transform coefficients belonging to a ROI can be handled as
described above. They can be completely or partially encrypted
by selecting appropriate coding units belonging to the ROI for
encryption.

The main problem is that the shape of the ROI might reveal the
content. If the shapes are encrypted it is, however, difficult
to show a reduced quality image since it is difficult to
interpret the coded transform coefficients.

This problem can be solved by defining a so called cloaking
shape, c-shape. Thus, the real shape of one or several ROIs are
completely enclosed in the c-shape. The c-shape is designed to
not reveal sensitive image content. A simple example of a
c-shape is a bounding box.

• „i ^ onr in the JPEG 2000 bit 

IZ'Z^r™ Z in the « ,000 

header . 

A mas. is created *^^ U ZZ2Z*«~ 
coefficients belonging to the c shape ^ 
using the method as described herern . ^ shielded 

all coefficients -longing to any RQIS is chus 

by the c-shape are encrypted. The text- 
protected by encryption. 

The shape of the aols are encrypted ^JZTJJ'^ that 
- ■ ~v, h Pa der The encryption, header contain* v 

The decoder can now decode the unencrypted bacJcgr 
shape can be displayed as a blank region. The original ROIs can
be decoded if the keyword is known. This is done by decrypting
the coefficients belonging to the c-shape. The shape of each ROI
belonging to the c-shape is also decrypted. The bitstream can
now be rearranged so that the c-shape is dropped and the
original ROI data structures are restored. Note that this is
done in the compressed domain.

The mask that is used for encoding a ROI is not uniquely defined
in JPEG 2000. A mask that is sufficiently large so that the ROI
is encoded lossless will often cover the whole lower subbands. A
mask that is not allowed to expand will lead to a lossy encoding
of the ROI. The masks belonging to different ROIs or to a ROI
and the background can be designed to overlap. This means that
some coefficients are encoded in more than one ROI. Such
overlap will lead to a reduced overall compression but the ROIs
are more independent so that any ROI can be accessed and decoded
with a good visual result.

The partial encryption method for ROIs described herein is . not 
7 rf.nt of the choice of mask as long as the mask is selected 
dependent of the choi ^constructed from the 

so that the content of a ROI « ^ ^ ^ ^ & 
content of any other ROI or b g describe d in Charilaos 

nvask that hides the content of the ROI i 
Christopoulos (ed.). JPEG 2000 Verification Model 

By using the method and device as described herein storage and 
By using u ^-rtiallv encrypted images is 

bandwidth ^^"^rj^ed composition and processing of 
reduced. Furthermore, ob^ec based J ^ encrypced . 

encrypted "^rypt- and the original 

^er advantage is ^^^The"^^^ since 

performed at the same time « - ^ * domain (at che 

th e process ta*es place in the^c mp ^ ^ ^ ^ 

bitstream syntax) ill P £orme d just before 

encryption. The encryption can e P „ this case , 

transmitting the image by a parser (tran 
if the encryption increases the bitrate, which will be the case
if the encryption is placed in the TAGS, the increase in bitrate
is avoided and the encryption information is only added before
transmitting it.

CLAIMS



1. A method of partially encrypting image data comprising the
steps of:

- coding the image data using an encoding algorithm generating
independently decodable coding units,

- encrypting at least one of the coding units, and

- merging coding units which are not encrypted with coding units
which are encrypted into a combined bitstream.

2. A method according to claim 1, characterized in that the not
encrypted coding units correspond to a low resolution version of
the image data.

3. A method according to any of claims 1-2, characterized in
that different coding units are encrypted using different coding
methods.

4. A method according to any of claims 1-3, characterized in
that an encryption flag, which indicates if a coding unit is
encrypted, is inserted in the bit stream.

5. A method according to any of claims 1-4, when information
corresponding to a Region of interest is […],
characterized in that the shape of the region of interest is
enclosed in a cloaking shape.

6. A device for partial encryption of image data characterised
by:

- means for coding the image data according to an encoding
algorithm generating independently decodable coding units,

- means connected to the coding means for encrypting at least
one of the coding units, and

- means for merging coding units which are not encrypted with
coding units which are encrypted as a combined bitstream.

7. A device according to claim 6, characterised by means for
selecting the not encrypted coding units as units corresponding
to a low resolution version of the image data.

8. A device according to any of claims 6-7, characterised by
means for encrypting different coding units using different
coding methods.

9. A device according to any of claims 6-8, characterised by
means for inserting an encryption flag, which indicates if a
coding unit is encrypted, in the bit stream.

10. A device according to any of claims 6-9, characterised by
means for enclosing a region of interest shape in a cloaking
shape.